Q: double cname reference and resulting mx

Kevin Darcy kcd at daimlerchrysler.com
Fri Jan 17 19:42:40 UTC 2003

rgvt at gmx.net wrote:

>>>following scenario:
>>>s3.dom.com -(cname)-> s2.dom.com -(cname)-> s1.dom.com
>>>s2 & s3 do not have an associated mx.  only s1 has an mx.
>>>what is the correct behaviour when sending mail to s3?
>>>- the mx of s1 will be used and mail will be delivered
>>>- or mail will not come through
>>>in any case it would be great if somebody could point to a
>>>location within an rfc where this will be allowed or denied.
>>>i need this because someone who hosts a mail server
>>>seems to believe that it conforms to the rfcs not to deliver
>>>mail sent to s3.
>>	RFC 2821 is the current proposed standard.
>>	user at s3.dom.com should be delivered to the host referenced
>>	in the MX record.  Older MTAs may re-write user at s3.dom.com
>>	as user at s1.dom.com in the SMTP transaction as RFC 821 didn't
>>	allow aliases (owners of CNAMES) to be used.  I can't see
>>	that restriction in RFC 2821.
>>	RFC 2821 expects *local* aliases to be re-written to their
>>	fully qualified forms.  CNAME are not *local* aliases.
>>	I would not depend upon user at s3.dom.com not being re-written
>>	to user at s1.dom.com.  If you need user at s3.dom.com to be
>>	differnet to user at s1.dom.com use a MX record for s3.dom.com
>>	along with any other records at s1.dom.com that are required.
>>	Not delivering mail that referenced a CNAME doesn't pass
>>	the giggle test.  CNAMEs were designed to allow machined
>>	to be renamed and to have the old names work until they
>>	were no longer needed.
>hello mark,
>thanks for your answer.
>now we are struggling around finding the exact location that inhibits this
>behaviour.  in rfc 2821 i found this:
>3.6 Domains
>[...]  In other words, names that can
>   be resolved to MX RRs or A RRs (as discussed in section 5) are
>   permitted, as are CNAME RRs whose targets can be resolved, in turn,
>   to MX or A RRs.  [...]
>5. Address Resolution and Mail Handling
>[...]  The lookup first attempts to locate an MX
>   record associated with the name.  If a CNAME record is found instead,
>   the resulting name is processed as if it were the initial name.   [...]
>does section 5 describe that having a cname as an mx is allowed (what
>everybody says is not recommended).  or does this phrase mean that
>sending mail to cnames is allowed as long as they end in an A record only
>or an A record that has an MX record associated (without specifying the
>number of indirections for the cnames).
>rfc 1123 states that smtp mail should not be sent to cnames but to
>canonical names only.  what does this statement in rfc 2821 mean?
In general, chaining CNAMEs is disrecommended. Pointing a CNAME at an A 
or MX record is fine, but pointing an MX at a CNAME is illegal.

What Mark was mostly talking about was whether MTAs will rewrite 
addresses when CNAMEs are encountered. Note that this behavior would be 
above and beyond the actual mail routing function. Such rewriting 
behavior can cause mail-handling problems, especially if exotic forms of 
aliasing and/or forwarding are in effect.

                                        - Kevin


More information about the bind-users mailing list